CVE-2022-37866

Published: 07/11/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifact coordinates such as the organisation, module or version. If those coordinates contain "../" sequences, which are valid characters for Ivy coordinates in general, the artifacts can be stored outside of Ivy's local cache or repository, or can overwrite different artifacts inside the local cache. Exploiting this vulnerability requires the collaboration of the remote repository: Ivy will issue HTTP requests containing ".." sequences, and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1.
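The weakness above is a path-traversal problem in pattern substitution: coordinate values supplied by the repository are spliced into a filesystem path template and then used as-is. The following is an added example, not Apache Ivy's code, that shows the unchecked substitution next to a guarded version with two layers of defence: every coordinate must be a single plain path segment, and the normalised result must still lie under the cache root. The Ivy-style `[token]` pattern syntax, `CACHE_ROOT`, `PATTERN` and the coordinate values are constructed for the demonstration and are assumptions; the checks are POSIX-path based.

```python
"""Added example (not Apache Ivy code): guarding pattern-based cache paths.

Ivy-style patterns such as "[organisation]/[module]/[revision]/[artifact].[ext]"
are filled in from artifact coordinates that may come from a remote repository.
This module shows an unchecked substitution (the shape the advisory describes)
next to a checked one that rejects coordinates that are not a single plain path
segment and then verifies the normalised result is still under the cache root.
Pattern syntax, CACHE_ROOT and PATTERN are assumptions made for this example.
"""
import posixpath
import re

PLACEHOLDER = re.compile(r"\[([A-Za-z]+)\]")

# Constructed values for the demonstration (not from the advisory).
CACHE_ROOT = "/home/build/.ivy2/cache"
PATTERN = "[organisation]/[module]/[revision]/[artifact]-[revision].[ext]"


class UnsafeCoordinateError(ValueError):
    """Raised when a coordinate would escape, or alias, a cache location."""


def substitute(pattern: str, coords: dict) -> str:
    """Replace every [token] in pattern with coords[token]; unknown tokens are an error."""
    def repl(match: re.Match) -> str:
        token = match.group(1)
        if token not in coords:
            raise KeyError(f"pattern token [{token}] has no coordinate value")
        return coords[token]
    return PLACEHOLDER.sub(repl, pattern)


def is_plain_segment(value: str) -> bool:
    """True only for a non-empty name that cannot change directory: no separators, no '.'/'..'."""
    return bool(value) and "/" not in value and "\\" not in value and value not in (".", "..")


def is_within_root(root: str, candidate: str) -> bool:
    """Containment check on normalised paths: candidate must be root itself or strictly below it.

    The trailing "/" prevents a sibling such as "<root>-evil" from passing a bare prefix test.
    """
    root_n = posixpath.normpath(root)
    cand_n = posixpath.normpath(candidate)
    return cand_n == root_n or cand_n.startswith(root_n.rstrip("/") + "/")


def resolve_unchecked(root: str, pattern: str, coords: dict) -> str:
    """The vulnerable shape: trust the coordinates and join them straight onto the cache root."""
    return posixpath.normpath(posixpath.join(root, substitute(pattern, coords)))


def resolve_checked(root: str, pattern: str, coords: dict) -> str:
    """Hardened shape: per-coordinate validation plus a final containment check."""
    for name, value in coords.items():
        if not is_plain_segment(value):
            raise UnsafeCoordinateError(f"{name}={value!r} is not a plain path segment")
    target = resolve_unchecked(root, pattern, coords)
    # Second layer: even if the validation above is relaxed later, never write outside the root.
    if not is_within_root(root, target):
        raise UnsafeCoordinateError(f"resolved path {target} escapes {root}")
    return target


if __name__ == "__main__":
    good = {"organisation": "org.example", "module": "lib", "revision": "1.0",
            "artifact": "lib", "ext": "jar"}
    # Constructed hostile coordinates of the kind the advisory describes.
    bad = dict(good, organisation="../../../../tmp")
    print(resolve_unchecked(CACHE_ROOT, PATTERN, good))
    print(resolve_unchecked(CACHE_ROOT, PATTERN, bad))   # lands under /tmp, outside the cache
    try:
        resolve_checked(CACHE_ROOT, PATTERN, bad)
    except UnsafeCoordinateError as err:
        print("rejected:", err)
```

The per-segment rule is the one that actually matches Ivy's data model: a coordinate is a name, never a path, so anything containing a separator or equal to `.`/`..` is malformed input and should be refused before it touches the filesystem. The containment check is kept as a backstop so that a later relaxation of the validation (for example to allow a separator in one specific token) cannot silently reintroduce the escape.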

Vulnerable Product

apache ivy

Vendor Advisories

When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifact coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible th ...
Description: The MITRE CVE dictionary describes this issue as: When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifact coordinates like the organisation, module or version. If said coordinates contain "../" ...

Github Repositories

Mill Your shiny new Scala build tool! Confused by SBT? Frustrated by Maven? Perplexed by Gradle? Give Mill a try! Table of Contents Documentation How to build and test IntelliJ Setup Automated Tests Manual Testing Bootstrapping: Building Mill with your current checkout of Mill Troubleshooting Project Layout Core modules that are included in the main assembly Wo